ATHERCRC32 Provide developers with a complete framework for using CRC32 in functions/classes in memory, and protecting your software against WriteProcessMemory or changes during execution in memory, protecting your intellectual property.
//__________________________________
// INCLUDE FOR ATHERCRC32 LIB
//__________________________________
#include "includes/ATHERCRC32.h"
//__________________________________
// Create an ATHERCRC instance
ATHERCRC32* ATHERCRC = new ATHERCRC32();
ATHERCRC32_WARNING* ATHERCRCWARNING = new ATHERCRC32_WARNING();
//Simple steps to implement for functions that are not class members
// We get the size of the process memory function
unsigned int iTamanho = ATHERCRC->obtemTamanhoDeUmaFuncaoDaMemoria(minhaFuncao);
// We calculate the CRC32
uint32_t CRC32MinhaFuncao = ATHERCRC->calcularCRC32DEUMAFUNCAO(minhaFuncao, iTamanho);
// Even simpler implementation for methods and classes
// Getting a pointer to a specific method / function of a class
auto pFuncaoParaVoidCasting = ATHERCRC->pvoid_cast(&MyClassTest::MyFunction);
// Calculating the size in memory
iTamanho = ATHERCRC->obtemTamanhoDeUmaFuncaoDaMemoria(pFuncaoParaVoidCasting);
// Calculating the CRC32
CRC32MinhaFuncao = ATHERCRC->calcularCRC32DEUMAFUNCAO(pFuncaoParaVoidCasting, iTamanho);
// It will be displayed and calculated that the CRC32 of the memory block is wrong and has been changed
// Just detect, and writes to the console that a change was found in the process memory block.
ATHERCRCWARNING->AntiMemoryWriteDectLite(minhaFuncao, iTamanho, CRC32MinhaFuncao);
// It will be displayed and calculated that the CRC32 of the memory block is correct
//You can assign between true and false if you want to show a warning to your user.
ATHERCRCWARNING->AntiMemoryWriteDetect(minhaFuncao, iTamanho, CRC32MinhaFuncao, true);
In this example using the x32dbg tool I found the memory pointer of a string that I would like to modify
I decided to modify the function and its received parameters and its strings
After making some modifications, and cracking attempts and changes in the process memory
I decided to run the software after my modifications and I was detected and the software was protected from my attack.